ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.100
Committed: Wed Jul 17 05:34:17 2013 UTC (10 years, 10 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.99: +3 -0 lines
Log Message: 
*** empty log message ***

File Contents

# Content
1 /*
2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #include "config.h"
33
34 #include <list>
35 #include <queue>
36 #include <utility>
37
38 #include <openssl/rand.h>
39 #include <openssl/evp.h>
40 #include <openssl/rsa.h>
41 #include <openssl/err.h>
42
43 #include "conf.h"
44 #include "slog.h"
45 #include "device.h"
46 #include "vpn.h"
47 #include "connection.h"
48 #include "hkdf.h"
49
50 #include "netcompat.h"
51
52 #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
53
54 #define ULTRA_FAST 1
55 #define HLOG 15
56 #include "lzf/lzf.h"
57 #include "lzf/lzf_c.c"
58 #include "lzf/lzf_d.c"
59
60 //////////////////////////////////////////////////////////////////////////////
61
62 static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
63 static ev::child rs_child_ev;
64
65 namespace
66 {
67 void // c++ requires external linkage here, apparently :(
68 rs_child_cb (ev::child &w, int revents)
69 {
70 w.stop ();
71
72 if (rs_queue.empty ())
73 return;
74
75 pid_t pid = run_script (*rs_queue.front ().first, false);
76 if (pid)
77 {
78 w.set (pid);
79 w.start ();
80 }
81 else
82 slog (L_WARN, rs_queue.front ().second);
83
84 delete rs_queue.front ().first;
85 rs_queue.pop ();
86 }
87 };
88
89 // despite the fancy name, this is quite a hack
90 static void
91 run_script_queued (run_script_cb *cb, const char *warnmsg)
92 {
93 rs_queue.push (std::make_pair (cb, warnmsg));
94
95 if (!rs_child_ev.is_active ())
96 {
97 rs_child_ev.set<rs_child_cb> ();
98 rs_child_ev ();
99 }
100 }
101
102 //////////////////////////////////////////////////////////////////////////////
103
104 struct crypto_ctx
105 {
106 EVP_CIPHER_CTX cctx;
107 HMAC_CTX hctx;
108
109 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
110 ~crypto_ctx ();
111 };
112
113 crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
114 {
115 ecdh_key s;
116
117 curve25519_combine (a, b, s);
118
119 {
120 u8 mac_key[MAC_KEYSIZE];
121 static const unsigned char mac_info[] = "gvpe mac key";
122
123 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
124 kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm));
125 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
126 kdf.extract (s, sizeof (s));
127 kdf.extract_done (HKDF_PRF_HASH ());
128 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
129
130 HMAC_CTX_init (&hctx);
131 require (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0));
132 }
133
134 {
135 u8 cipher_key[CIPHER_KEYSIZE];
136 static const unsigned char cipher_info[] = "gvpe cipher key";
137
138 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
139 kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm));
140 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
141 kdf.extract (s, sizeof (s));
142 kdf.extract_done (HKDF_PRF_HASH ());
143 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
144
145 EVP_CIPHER_CTX_init (&cctx);
146 require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc));
147 }
148 }
149
150 crypto_ctx::~crypto_ctx ()
151 {
152 require (EVP_CIPHER_CTX_cleanup (&cctx));
153 HMAC_CTX_cleanup (&hctx);
154 }
155
156 static inline void
157 auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
158 {
159 if (RSA_public_encrypt (sizeof (auth.rsa),
160 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
161 key, RSA_PKCS1_OAEP_PADDING) < 0)
162 fatal ("RSA_public_encrypt error");
163
164 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
165 }
166
167 static inline bool
168 auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
169 {
170 u8 rsa_decrypt[RSA_KEYLEN];
171
172 if (RSA_private_decrypt (sizeof (encr.rsa),
173 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
174 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
175 return 0;
176
177 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
178 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
179
180 return 1;
181 }
182
183 static void
184 auth_hash (const auth_data &auth, auth_mac &mac)
185 {
186 HMAC_CTX ctx;
187
188 HMAC_CTX_init (&ctx);
189 require (HMAC_Init_ex (&ctx, auth.rsa.auth_key, sizeof (auth.rsa.auth_key), AUTH_DIGEST (), 0));
190 require (HMAC_Update (&ctx, (const unsigned char *)&auth, sizeof auth));
191 require (HMAC_Final (&ctx, (unsigned char *)&mac, 0));
192 HMAC_CTX_cleanup (&ctx);
193 }
194
195 void
196 connection::generate_auth_data ()
197 {
198 if (auth_expire < ev_now ())
199 {
200 // request data
201 RAND_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa);
202 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
203 auth_hash (snd_auth, snd_auth_mac);
204
205 // eventual response data
206 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
207 }
208
209 // every use prolongs the expiry
210 auth_expire = ev_now () + AUTH_TTL;
211 }
212
213 //////////////////////////////////////////////////////////////////////////////
214
215 pkt_queue::pkt_queue (double max_ttl, int max_queue)
216 : max_ttl (max_ttl), max_queue (max_queue)
217 {
218 queue = new pkt [max_queue];
219
220 i = 0;
221 j = 0;
222
223 expire.set<pkt_queue, &pkt_queue::expire_cb> (this);
224 }
225
226 pkt_queue::~pkt_queue ()
227 {
228 while (net_packet *p = get ())
229 delete p;
230
231 delete [] queue;
232 }
233
234 void
235 pkt_queue::expire_cb (ev::timer &w, int revents)
236 {
237 ev_tstamp expire = ev_now () - max_ttl;
238
239 for (;;)
240 {
241 if (empty ())
242 break;
243
244 double diff = queue[j].tstamp - expire;
245
246 if (diff >= 0.)
247 {
248 w.start (diff > 0.5 ? diff : 0.5);
249 break;
250 }
251
252 delete get ();
253 }
254 }
255
256 void
257 pkt_queue::put (net_packet *p)
258 {
259 ev_tstamp now = ev_now ();
260
261 // start expiry timer
262 if (empty ())
263 expire.start (max_ttl);
264
265 int ni = i + 1 == max_queue ? 0 : i + 1;
266
267 if (ni == j)
268 delete get ();
269
270 queue[i].pkt = p;
271 queue[i].tstamp = now;
272
273 i = ni;
274 }
275
276 net_packet *
277 pkt_queue::get ()
278 {
279 if (empty ())
280 return 0;
281
282 net_packet *p = queue[j].pkt;
283 queue[j].pkt = 0;
284
285 j = j + 1 == max_queue ? 0 : j + 1;
286
287 return p;
288 }
289
290 struct net_rateinfo
291 {
292 u32 host;
293 double pcnt, diff;
294 tstamp last;
295 };
296
297 // only do action once every x seconds per host whole allowing bursts.
298 // this implementation ("splay list" ;) is inefficient,
299 // but low on resources.
300 struct net_rate_limiter : list<net_rateinfo>
301 {
302 # define NRL_ALPHA (1. - 1. / 600.) // allow bursts
303 # define NRL_CUTOFF 10. // one event every CUTOFF seconds
304 # define NRL_EXPIRE (NRL_CUTOFF * 30.) // expire entries after this time
305 # define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
306
307 bool can (const sockinfo &si) { return can((u32)si.host); }
308 bool can (u32 host);
309 };
310
311 static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
312
313 bool
314 net_rate_limiter::can (u32 host)
315 {
316 iterator i;
317
318 for (i = begin (); i != end (); )
319 if (i->host == host)
320 break;
321 else if (i->last < ev_now () - NRL_EXPIRE)
322 i = erase (i);
323 else
324 i++;
325
326 if (i == end ())
327 {
328 net_rateinfo ri;
329
330 ri.host = host;
331 ri.pcnt = 1.;
332 ri.diff = NRL_MAXDIF;
333 ri.last = ev_now ();
334
335 push_front (ri);
336
337 return true;
338 }
339 else
340 {
341 net_rateinfo ri (*i);
342 erase (i);
343
344 ri.pcnt = ri.pcnt * NRL_ALPHA;
345 ri.diff = ri.diff * NRL_ALPHA + (ev_now () - ri.last);
346
347 ri.last = ev_now ();
348
349 double dif = ri.diff / ri.pcnt;
350
351 bool send = dif > NRL_CUTOFF;
352
353 if (dif > NRL_MAXDIF)
354 {
355 ri.pcnt = 1.;
356 ri.diff = NRL_MAXDIF;
357 }
358 else if (send)
359 ri.pcnt++;
360
361 push_front (ri);
362
363 return send;
364 }
365 }
366
367 /////////////////////////////////////////////////////////////////////////////
368
369 unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE];
370
371 void
372 hmac_packet::hmac_gen (crypto_ctx *ctx)
373 {
374 unsigned int xlen;
375
376 HMAC_CTX *hctx = &ctx->hctx;
377
378 require (HMAC_Init_ex (hctx, 0, 0, 0, 0));
379 require (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
380 len - sizeof (hmac_packet)));
381 require (HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen));
382 }
383
384 void
385 hmac_packet::hmac_set (crypto_ctx *ctx)
386 {
387 hmac_gen (ctx);
388
389 memcpy (hmac, hmac_digest, HMACLENGTH);
390 }
391
392 bool
393 hmac_packet::hmac_chk (crypto_ctx *ctx)
394 {
395 hmac_gen (ctx);
396
397 return !memcmp (hmac, hmac_digest, HMACLENGTH);
398 }
399
400 void
401 vpn_packet::set_hdr (ptype type_, unsigned int dst)
402 {
403 type = type_;
404
405 int src = THISNODE->id;
406
407 src1 = src;
408 srcdst = ((src >> 8) << 4) | (dst >> 8);
409 dst1 = dst;
410 }
411
412 #define MAXVPNDATA (MAX_MTU - 6 - 6)
413 #define DATAHDR (sizeof (u32) + RAND_SIZE)
414
415 struct vpndata_packet : vpn_packet
416 {
417 u8 data[MAXVPNDATA + DATAHDR]; // seqno
418
419 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
420 tap_packet *unpack (connection *conn, u32 &seqno);
421
422 private:
423 const u32 data_hdr_size () const
424 {
425 return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
426 }
427 };
428
429 void
430 vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
431 {
432 EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
433 int outl = 0, outl2;
434 ptype type = PT_DATA_UNCOMPRESSED;
435
436 #if ENABLE_COMPRESSION
437 u8 cdata[MAX_MTU];
438
439 if (conn->features & FEATURE_COMPRESSION)
440 {
441 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
442
443 if (cl)
444 {
445 type = PT_DATA_COMPRESSED;
446 d = cdata;
447 l = cl + 2;
448
449 d[0] = cl >> 8;
450 d[1] = cl;
451 }
452 }
453 #endif
454
455 require (EVP_CipherInit_ex (cctx, 0, 0, 0, 0, 1));
456
457 struct {
458 #if RAND_SIZE
459 u8 rnd[RAND_SIZE];
460 #endif
461 u32 seqno;
462 } datahdr;
463
464 datahdr.seqno = ntohl (seqno);
465 #if RAND_SIZE
466 RAND_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
467 #endif
468
469 require (EVP_EncryptUpdate (cctx,
470 (unsigned char *) data + outl, &outl2,
471 (unsigned char *) &datahdr, DATAHDR));
472 outl += outl2;
473
474 require (EVP_EncryptUpdate (cctx,
475 (unsigned char *) data + outl, &outl2,
476 (unsigned char *) d, l));
477 outl += outl2;
478
479 require (EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2));
480 outl += outl2;
481
482 len = outl + data_hdr_size ();
483
484 set_hdr (type, dst);
485
486 hmac_set (conn->octx);
487 }
488
489 tap_packet *
490 vpndata_packet::unpack (connection *conn, u32 &seqno)
491 {
492 EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
493 int outl = 0, outl2;
494 tap_packet *p = new tap_packet;
495 u8 *d;
496 u32 l = len - data_hdr_size ();
497
498 require (EVP_CipherInit_ex (cctx, 0, 0, 0, 0, 0));
499
500 #if ENABLE_COMPRESSION
501 u8 cdata[MAX_MTU];
502
503 if (type == PT_DATA_COMPRESSED)
504 d = cdata;
505 else
506 #endif
507 d = &(*p)[6 + 6 - DATAHDR];
508
509 /* this overwrites part of the src mac, but we fix that later */
510 require (EVP_DecryptUpdate (cctx,
511 d, &outl2,
512 (unsigned char *)&data, len - data_hdr_size ()));
513 outl += outl2;
514
515 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
516 outl += outl2;
517
518 seqno = ntohl (*(u32 *)(d + RAND_SIZE));
519
520 id2mac (dst () ? dst() : THISNODE->id, p->dst);
521 id2mac (src (), p->src);
522
523 #if ENABLE_COMPRESSION
524 if (type == PT_DATA_COMPRESSED)
525 {
526 u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1];
527
528 p->len = lzf_decompress (d + DATAHDR + 2, cl < MAX_MTU ? cl : 0,
529 &(*p)[6 + 6], MAX_MTU)
530 + 6 + 6;
531 }
532 else
533 p->len = outl + (6 + 6 - DATAHDR);
534 #endif
535
536 return p;
537 }
538
539 struct ping_packet : vpn_packet
540 {
541 void setup (int dst, ptype type)
542 {
543 set_hdr (type, dst);
544 len = sizeof (*this) - sizeof (net_packet);
545 }
546 };
547
548 struct config_packet : vpn_packet
549 {
550 u8 prot_major, prot_minor, randsize;
551 u8 flags, features, pad6, pad7, pad8;
552 u32 cipher_nid, mac_nid, auth_nid;
553
554 void setup (ptype type, int dst);
555 bool chk_config () const;
556
557 static u8 get_features ()
558 {
559 u8 f = 0;
560 #if ENABLE_COMPRESSION
561 f |= FEATURE_COMPRESSION;
562 #endif
563 #if ENABLE_ROHC
564 f |= FEATURE_ROHC;
565 #endif
566 #if ENABLE_BRIDGING
567 f |= FEATURE_BRIDGING;
568 #endif
569 return f;
570 }
571 };
572
573 void
574 config_packet::setup (ptype type, int dst)
575 {
576 prot_major = PROTOCOL_MAJOR;
577 prot_minor = PROTOCOL_MINOR;
578 randsize = RAND_SIZE;
579 flags = 0;
580 features = get_features ();
581
582 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
583 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
584 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
585
586 len = sizeof (*this) - sizeof (net_packet);
587 set_hdr (type, dst);
588 }
589
590 bool
591 config_packet::chk_config () const
592 {
593 if (prot_major != PROTOCOL_MAJOR)
594 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
595 else if (randsize != RAND_SIZE)
596 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
597 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
598 slog (L_WARN, _("cipher algo mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
599 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
600 slog (L_WARN, _("mac algo mismatch (remote %x <=> local %x)"), ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
601 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
602 slog (L_WARN, _("auth algo mismatch (remote %x <=> local %x)"), ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
603 else
604 return true;
605
606 return false;
607 }
608
609 struct auth_req_packet : config_packet // UNPROTECTED
610 {
611 char magic[8];
612 u8 initiate; // false if this is just an automatic reply
613 u8 protocols; // supported protocols (will be patched on forward)
614 u8 pad2, pad3;
615 auth_encr encr;
616
617 auth_req_packet (int dst, bool initiate_, u8 protocols_)
618 {
619 config_packet::setup (PT_AUTH_REQ, dst);
620 memcpy (magic, MAGIC, 8);
621 initiate = !!initiate_;
622 protocols = protocols_;
623
624 len = sizeof (*this) - sizeof (net_packet);
625 }
626 };
627
628 struct auth_res_packet : config_packet // UNPROTECTED
629 {
630 auth_response response;
631
632 auth_res_packet (int dst)
633 {
634 config_packet::setup (PT_AUTH_RES, dst);
635
636 len = sizeof (*this) - sizeof (net_packet);
637 }
638 };
639
640 struct connect_req_packet : vpn_packet
641 {
642 u8 id, protocols;
643 u8 pad1, pad2;
644
645 connect_req_packet (int dst, int id_, u8 protocols_)
646 : id(id_)
647 , protocols(protocols_)
648 {
649 set_hdr (PT_CONNECT_REQ, dst);
650 len = sizeof (*this) - sizeof (net_packet);
651 }
652 };
653
654 struct connect_info_packet : vpn_packet
655 {
656 u8 id, protocols;
657 u8 pad1, pad2;
658 sockinfo si;
659
660 connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
661 : id(id_)
662 , protocols(protocols_)
663 , si(si_)
664 {
665 set_hdr (PT_CONNECT_INFO, dst);
666
667 len = sizeof (*this) - sizeof (net_packet);
668 }
669 };
670
671 /////////////////////////////////////////////////////////////////////////////
672
673 void
674 connection::connection_established (const sockinfo &rsi)
675 {
676 if (!have_snd_auth || !have_rcv_auth)
677 return;
678
679 si = rsi;
680 protocol = rsi.prot;
681
682 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
683 conf->nodename, (const char *)rsi,
684 is_direct ? "direct" : "forwarded",
685 PROTOCOL_MAJOR, prot_minor);
686
687 if (::conf.script_node_up)
688 {
689 run_script_cb *cb = new run_script_cb;
690 cb->set<connection, &connection::script_node_up> (this);
691 run_script_queued (cb, _("node-up command execution failed, continuing."));
692 }
693
694 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
695 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
696
697 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
698 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
699
700 if (ictx && octx)
701 {
702 // make sure rekeying timeouts are slightly asymmetric
703 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
704 rekey.start (rekey_interval, rekey_interval);
705
706 keepalive.start (::conf.keepalive);
707
708 // send queued packets
709 if (ictx && octx)
710 {
711 while (tap_packet *p = (tap_packet *)data_queue.get ())
712 {
713 if (p->len) send_data_packet (p);
714 delete p;
715 }
716
717 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
718 {
719 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
720 delete p;
721 }
722 }
723
724 vpn->connection_established (this);
725 }
726 #if 0
727 else
728 {
729 retry_cnt = 0;
730 establish_connection.start (5);
731 keepalive.stop ();
732 rekey.stop ();
733 }
734 #endif
735 }
736
737 void
738 connection::reset_si ()
739 {
740 if (vpn->can_direct (THISNODE, conf))
741 protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
742 else
743 {
744 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
745 protocol = 0;
746 }
747
748 si.set (conf, protocol);
749
750 is_direct = si.valid ();
751 }
752
753 // ensure sockinfo is valid, forward if necessary
754 const sockinfo &
755 connection::forward_si (const sockinfo &si) const
756 {
757 if (!si.valid ())
758 {
759 connection *r = vpn->find_router_for (this);
760
761 if (r)
762 {
763 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
764 conf->nodename, r->conf->nodename);
765 return r->si;
766 }
767 else
768 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
769 conf->nodename);
770 }
771
772 return si;
773 }
774
775 void
776 connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
777 {
778 if (!vpn->send_vpn_packet (pkt, si, tos))
779 reset_connection ();
780 }
781
782 void
783 connection::send_ping (const sockinfo &si, u8 pong)
784 {
785 ping_packet *pkt = new ping_packet;
786
787 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
788
789 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
790 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
791
792 delete pkt;
793 }
794
795 void
796 connection::send_reset (const sockinfo &si)
797 {
798 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
799 {
800 config_packet *pkt = new config_packet;
801
802 pkt->setup (vpn_packet::PT_RESET, conf->id);
803 send_vpn_packet (pkt, si, IPTOS_MINCOST);
804
805 delete pkt;
806 }
807 }
808
809 void
810 connection::send_auth_request (const sockinfo &si, bool initiate)
811 {
812 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
813
814 generate_auth_data ();
815 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
816
817 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
818 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
819
820 delete pkt;
821 }
822
823 void
824 connection::send_auth_response (const sockinfo &si)
825 {
826 auth_res_packet *pkt = new auth_res_packet (conf->id);
827
828 auth_hash (rcv_auth, pkt->response.mac);
829 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof (rcv_ecdh_b));
830
831 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
832 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
833
834 delete pkt;
835 }
836
837 void
838 connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
839 {
840 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
841 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
842 conf->protocols);
843
844 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
845
846 r->hmac_set (octx);
847 send_vpn_packet (r, si);
848
849 delete r;
850 }
851
852 inline void
853 connection::establish_connection_cb (ev::timer &w, int revents)
854 {
855 if (!(ictx && octx)
856 && conf != THISNODE
857 && connectmode != conf_node::C_NEVER
858 && connectmode != conf_node::C_DISABLED
859 && !w.is_active ())
860 {
861 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
862 // and stop trying. should probably be handled by a per-connection expire handler.
863 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
864 {
865 reset_connection ();
866 return;
867 }
868
869 last_establish_attempt = ev_now ();
870
871 ev::tstamp retry_int = ev::tstamp (retry_cnt & 3
872 ? (retry_cnt & 3) + 1
873 : 1 << (retry_cnt >> 2));
874
875 reset_si ();
876
877 bool slow = si.prot & PROT_SLOW;
878
879 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
880 {
881 /*TODO*/ /* start the timer so we don't recurse endlessly */
882 w.start (1);
883 vpn->send_connect_request (this);
884 }
885 else
886 {
887 if (si.valid ())
888 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
889 conf->nodename, (const char *)si);
890
891 const sockinfo &dsi = forward_si (si);
892
893 slow = slow || (dsi.prot & PROT_SLOW);
894
895 if (dsi.valid () && auth_rate_limiter.can (dsi))
896 {
897 if (retry_cnt < 4)
898 send_auth_request (dsi, true);
899 else
900 send_ping (dsi, 0);
901 }
902 }
903
904 retry_int *= slow ? 8. : 0.9;
905
906 if (retry_int < conf->max_retry)
907 retry_cnt++;
908 else
909 retry_int = conf->max_retry;
910
911 w.start (retry_int);
912 }
913 }
914
915 void
916 connection::reset_connection ()
917 {
918 if (ictx && octx)
919 {
920 slog (L_INFO, _("%s(%s): connection lost"),
921 conf->nodename, (const char *)si);
922
923 if (::conf.script_node_down)
924 {
925 run_script_cb *cb = new run_script_cb;
926 cb->set<connection, &connection::script_node_down> (this);
927 run_script_queued (cb, _("node-down command execution failed, continuing."));
928 }
929 }
930
931 delete ictx; ictx = 0;
932 delete octx; octx = 0;
933
934 si.host = 0;
935
936 have_snd_auth = false;
937 have_rcv_auth = false;
938 auth_expire = 0.;
939
940 last_activity = 0.;
941 //last_si_change = 0.;
942 retry_cnt = 0;
943
944 rekey.stop ();
945 keepalive.stop ();
946 establish_connection.stop ();
947 }
948
949 void
950 connection::shutdown ()
951 {
952 if (ictx && octx)
953 send_reset (si);
954
955 reset_connection ();
956 }
957
958 // poor-man's rekeying
959 inline void
960 connection::rekey_cb (ev::timer &w, int revents)
961 {
962 reset_connection ();
963 establish_connection ();
964 }
965
966 void
967 connection::send_data_packet (tap_packet *pkt)
968 {
969 vpndata_packet *p = new vpndata_packet;
970 int tos = 0;
971
972 // I am not hilarious about peeking into packets, but so be it.
973 if (conf->inherit_tos && pkt->is_ipv4 ())
974 tos = (*pkt)[15] & IPTOS_TOS_MASK;
975
976 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
977 send_vpn_packet (p, si, tos);
978
979 delete p;
980
981 if (oseqno > MAX_SEQNO)
982 rekey ();
983 }
984
985 void
986 connection::post_inject_queue ()
987 {
988 // force a connection every now and when when packets are sent (max 1/s)
989 if (ev_now () - last_establish_attempt >= 0.95) // arbitrary
990 establish_connection.stop ();
991
992 establish_connection ();
993 }
994
995 void
996 connection::inject_data_packet (tap_packet *pkt)
997 {
998 if (ictx && octx)
999 send_data_packet (pkt);
1000 else
1001 {
1002 data_queue.put (new tap_packet (*pkt));
1003 post_inject_queue ();
1004 }
1005 }
1006
1007 void
1008 connection::inject_vpn_packet (vpn_packet *pkt, int tos)
1009 {
1010 if (ictx && octx)
1011 send_vpn_packet (pkt, si, tos);
1012 else
1013 {
1014 vpn_queue.put ((vpn_packet *)new data_packet (*(data_packet *)pkt));
1015 post_inject_queue ();
1016 }
1017 }
1018
1019 void
1020 connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1021 {
1022 last_activity = ev_now ();
1023
1024 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1025 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1026
1027 if (connectmode == conf_node::C_DISABLED)
1028 return;
1029
1030 switch (pkt->typ ())
1031 {
1032 case vpn_packet::PT_PING:
1033 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1034
1035 // we send pings instead of auth packets after some retries,
1036 // so reset the retry counter and establish a connection
1037 // when we receive a ping.
1038 if (!ictx)
1039 {
1040 if (auth_rate_limiter.can (rsi))
1041 send_auth_request (rsi, true);
1042 }
1043 else
1044 // we would love to change the socket address here, but ping's aren't
1045 // authenticated, so we best ignore it.
1046 send_ping (rsi, 1); // pong
1047
1048 break;
1049
1050 case vpn_packet::PT_PONG:
1051 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1052
1053 // a PONG might mean that the other side doesn't really know
1054 // about our desire for communication.
1055 establish_connection ();
1056 break;
1057
1058 case vpn_packet::PT_RESET:
1059 {
1060 reset_connection ();
1061
1062 config_packet *p = (config_packet *) pkt;
1063
1064 if (!p->chk_config ())
1065 {
1066 slog (L_WARN, _("%s(%s): protocol mismatch, disabling node."),
1067 conf->nodename, (const char *)rsi);
1068 connectmode = conf_node::C_DISABLED;
1069 }
1070 else if (connectmode == conf_node::C_ALWAYS)
1071 establish_connection ();
1072 }
1073 break;
1074
1075 case vpn_packet::PT_AUTH_REQ:
1076 if (auth_rate_limiter.can (rsi))
1077 {
1078 auth_req_packet *p = (auth_req_packet *)pkt;
1079
1080 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1081 conf->nodename, p->initiate ? "initiate" : "reply",
1082 p->protocols, p->features);
1083
1084 if (p->chk_config () && !memcmp (p->magic, MAGIC, 8))
1085 {
1086 if (p->prot_minor != PROTOCOL_MINOR)
1087 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1088 conf->nodename, (const char *)rsi,
1089 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1090
1091 if (p->initiate)
1092 send_auth_request (rsi, false);
1093
1094 auth_data auth;
1095
1096 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1097 {
1098 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1099 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1100 }
1101 else
1102 {
1103 bool chg = !have_rcv_auth || memcmp (&rcv_auth, &auth, sizeof auth);
1104
1105 rcv_auth = auth;
1106 have_rcv_auth = true;
1107
1108 send_auth_response (rsi);
1109
1110 if (chg)
1111 {
1112 conf->protocols = p->protocols;
1113 features = p->features & config_packet::get_features ();
1114
1115 connection_established (rsi);
1116 }
1117 }
1118
1119 break;
1120 }
1121 else
1122 slog (L_WARN, _("%s(%s): protocol mismatch."),
1123 conf->nodename, (const char *)rsi);
1124
1125 send_reset (rsi);
1126 }
1127
1128 break;
1129
1130 case vpn_packet::PT_AUTH_RES:
1131 {
1132 auth_res_packet *p = (auth_res_packet *)pkt;
1133
1134 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1135
1136 if (p->chk_config ())
1137 {
1138 if (memcmp (&p->response.mac, snd_auth_mac, sizeof (snd_auth_mac)))
1139 {
1140 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1141 conf->nodename, (const char *)rsi);
1142 }
1143 else if (!have_snd_auth)
1144 {
1145 if (p->prot_minor != PROTOCOL_MINOR)
1146 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1147 conf->nodename, (const char *)rsi,
1148 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1149
1150 prot_minor = p->prot_minor;
1151 memcpy (snd_ecdh_b, p->response.ecdh, sizeof (snd_ecdh_b));
1152
1153 have_snd_auth = true;
1154 connection_established (rsi);
1155 }
1156
1157 break;
1158 }
1159 }
1160
1161 send_reset (rsi);
1162 break;
1163
1164 case vpn_packet::PT_DATA_COMPRESSED:
1165 #if !ENABLE_COMPRESSION
1166 send_reset (rsi);
1167 break;
1168 #endif
1169
1170 case vpn_packet::PT_DATA_UNCOMPRESSED:
1171
1172 if (ictx && octx)
1173 {
1174 vpndata_packet *p = (vpndata_packet *)pkt;
1175
1176 if (!p->hmac_chk (ictx))
1177 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1178 "could be an attack, or just corruption or a synchronization error."),
1179 conf->nodename, (const char *)rsi);
1180 else
1181 {
1182 u32 seqno;
1183 tap_packet *d = p->unpack (this, seqno);
1184 int seqclass = iseqno.seqno_classify (seqno);
1185
1186 if (seqclass == 0) // ok
1187 {
1188 vpn->tap->send (d);
1189
1190 if (si != rsi)
1191 {
1192 // fast re-sync on source address changes, useful especially for tcp/ip
1193 //if (last_si_change < ev_now () + 5.)
1194 // {
1195 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1196 conf->nodename, (const char *)si, (const char *)rsi);
1197
1198 si = rsi;
1199
1200 if (::conf.script_node_change)
1201 {
1202 run_script_cb *cb = new run_script_cb;
1203 cb->set<connection, &connection::script_node_change> (this);
1204 run_script_queued (cb, _("node-change command execution failed, continuing."));
1205 }
1206
1207 // }
1208 //else
1209 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1210 // conf->nodename, (const char *)si, (const char *)rsi);
1211 }
1212 }
1213 else if (seqclass == 1) // far history
1214 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1215 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1216 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1217 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1218 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1219 else if (seqclass == 3) // reset
1220 {
1221 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1222 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1223 send_reset (rsi);
1224 }
1225
1226 delete d;
1227 break;
1228 }
1229 }
1230
1231 send_reset (rsi);
1232 break;
1233
1234 case vpn_packet::PT_CONNECT_REQ:
1235 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1236 {
1237 connect_req_packet *p = (connect_req_packet *)pkt;
1238
1239 if (p->id > 0 && p->id <= vpn->conns.size ())
1240 {
1241 connection *c = vpn->conns[p->id - 1];
1242 conf->protocols = p->protocols;
1243
1244 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1245 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1246 p->protocols,
1247 c->ictx && c->octx);
1248
1249 if (c->ictx && c->octx)
1250 {
1251 // send connect_info packets to both sides, in case one is
1252 // behind a nat firewall (or both ;)
1253 c->send_connect_info (conf->id, si, conf->protocols);
1254 send_connect_info (c->conf->id, c->si, c->conf->protocols);
1255 }
1256 else
1257 c->establish_connection ();
1258 }
1259 else
1260 slog (L_WARN,
1261 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1262 p->id);
1263 }
1264
1265 break;
1266
1267 case vpn_packet::PT_CONNECT_INFO:
1268 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1269 {
1270 connect_info_packet *p = (connect_info_packet *)pkt;
1271
1272 if (p->id > 0 && p->id <= vpn->conns.size ())
1273 {
1274 connection *c = vpn->conns[p->id - 1];
1275
1276 c->conf->protocols = p->protocols;
1277 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1278 p->si.upgrade_protocol (protocol, c->conf);
1279
1280 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1281 conf->nodename,
1282 vpn->conns[p->id - 1]->conf->nodename,
1283 (const char *)p->si,
1284 p->protocols,
1285 protocol,
1286 p->si.supported_protocols (c->conf),
1287 !c->ictx && !c->octx);
1288
1289 const sockinfo &dsi = forward_si (p->si);
1290
1291 if (dsi.valid ())
1292 c->send_auth_request (dsi, true);
1293 else
1294 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1295 vpn->conns[p->id - 1]->conf->nodename,
1296 (const char *)p->si);
1297 }
1298 else
1299 slog (L_WARN,
1300 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1301 p->id);
1302 }
1303
1304 break;
1305
1306 default:
1307 send_reset (rsi);
1308 break;
1309 }
1310 }
1311
1312 inline void
1313 connection::keepalive_cb (ev::timer &w, int revents)
1314 {
1315 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1316
1317 if (when >= 0)
1318 w.start (when);
1319 else if (when < -15)
1320 {
1321 reset_connection ();
1322 establish_connection ();
1323 }
1324 else if (conf->connectmode != conf_node::C_ONDEMAND
1325 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1326 {
1327 w.start (3);
1328 send_ping (si);
1329 }
1330 else if (when >= -10)
1331 // hold ondemand connections implicitly a few seconds longer
1332 // should delete octx, though, or something like that ;)
1333 w.start (when + 10);
1334 else
1335 reset_connection ();
1336 }
1337
1338 void
1339 connection::send_connect_request (int id)
1340 {
1341 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1342
1343 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1344 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1345 THISNODE->protocols);
1346 p->hmac_set (octx);
1347 send_vpn_packet (p, si);
1348
1349 delete p;
1350 }
1351
1352 void
1353 connection::script_init_env (const char *ext)
1354 {
1355 char *env;
1356 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1357 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1358 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1359 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1360 conf->id & 0xff); putenv (env);
1361 }
1362
1363 void
1364 connection::script_init_connect_env ()
1365 {
1366 vpn->script_init_env ();
1367
1368 char *env;
1369 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1370 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1371 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1372 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1373 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1374 }
1375
1376 inline const char *
1377 connection::script_node_up ()
1378 {
1379 script_init_connect_env ();
1380
1381 putenv ((char *)"STATE=up");
1382
1383 char *filename;
1384 asprintf (&filename,
1385 "%s/%s",
1386 confbase,
1387 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1388
1389 return filename;
1390 }
1391
1392 inline const char *
1393 connection::script_node_change ()
1394 {
1395 script_init_connect_env ();
1396
1397 putenv ((char *)"STATE=change");
1398
1399 char *filename;
1400 asprintf (&filename,
1401 "%s/%s",
1402 confbase,
1403 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1404
1405 return filename;
1406 }
1407
1408 inline const char *
1409 connection::script_node_down ()
1410 {
1411 script_init_connect_env ();
1412
1413 putenv ((char *)"STATE=down");
1414
1415 char *filename;
1416 asprintf (&filename,
1417 "%s/%s",
1418 confbase,
1419 ::conf.script_node_down ? ::conf.script_node_down : "node-down");
1420
1421 return filename;
1422 }
1423
1424 connection::connection (struct vpn *vpn, conf_node *conf)
1425 : vpn(vpn), conf(conf),
1426 #if ENABLE_DNS
1427 dns (0),
1428 #endif
1429 data_queue(conf->max_ttl, conf->max_queue + 1),
1430 vpn_queue(conf->max_ttl, conf->max_queue + 1)
1431 {
1432 rekey .set<connection, &connection::rekey_cb > (this);
1433 keepalive .set<connection, &connection::keepalive_cb > (this);
1434 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1435
1436 last_establish_attempt = 0.;
1437 octx = ictx = 0;
1438
1439 connectmode = conf->connectmode;
1440
1441 // queue a dummy packet to force an initial connection attempt
1442 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1443 vpn_queue.put (new net_packet);
1444
1445 reset_connection ();
1446 }
1447
1448 connection::~connection ()
1449 {
1450 shutdown ();
1451 }
1452
1453 void
1454 connection_init ()
1455 {
1456 auth_rate_limiter.clear ();
1457 reset_rate_limiter.clear ();
1458 }
1459